The pitfalls of quick AI solutions for KYC processes

While artificial intelligence (AI) races ahead across the financial services sector, compliance specialists are warning that shortcuts in “know your customer” (KYC) systems could expose companies to serious legal and regulatory risks.

Desigan Naidoo, executive manager: Technology at LexisNexis, a legal technology provider, says that although AI promises faster and more seamless customer onboarding, a failure to comply with Financial Intelligence Centre (FIC) requirements may uncomfortably expose organisations during audits or investigations.

He also addresses the tension between cutting-edge AI and the frameworks: “Tech tends to move in trends, as in what’s fastest and most advanced, but the tricky part comes in syncing that with the slower pace of regulatory systems.”

The risk arises when entrants to the KYC market promise seamless, data-minimal identity verification, such as simply going on a face as input. “These can offer faster, nicer customer experiences, so they’re attractive on the surface” he says, but adds that they often fall short on legislative protections and full compliance.

“The main stumbling block, as I’ve mentioned,” Naidoo continues, “is that the FIC’s focus is on compliance, rather than on technological advances. Also, laws require the permission of legislative bodies in order to move forward, whereas tech just speeds along, without waiting for anyone’s permission.”

This misalignment creates vulnerabilities for organisations that rely on unproven tools. “Following the correct process and ticking all the compliancy boxes may sound tedious, but it will save you a lot of cost and administrative headaches in the long run,” he advises.

For businesses that are dependent on robust KYC, particularly in finance, fintech and related sectors, the risks are significant. Exciting-sounding ‘bleeding-edge’ AI products may offer incomplete validation journeys. “And,” Naidoo warns, “When you’re audited, those flags emerge – and, ultimately, the responsibility rests with you, and not the supplier.”

Organisations should not simply base their comfort on what vendors tell them. Due diligence is essential.

According to Naidoo, what distinguishes LexisNexis from many others in its field is its foundation as a legal tech company that’s rooted in respect for the law and ethical principles. “At our core, we build software with prerequisites: protecting data, ensuring ethical use and complying legally. We don’t make concessions, unlike some entities that lack that jurisprudence.”

He advises organisations to shift their mindset on KYC, from viewing it as a burdensome obligation to seeing it as a strategic opportunity: “Don’t chase the most cost-effective shortcut. Treat KYC as a way to assure customers that your operations and clientele are beyond reproach. This becomes a powerful selling point, in and of itself.”

Looking ahead, Naidoo stresses the need for internal expertise to navigate evolving technologies: “Growing organisations should have capabilities (maybe a chief information officer or even dedicated team) to assimilate these tools, while still maintaining compliance.”

He notes that KYC intersects with numerous regulatory structures including data protection laws such as the Protection of Personal Information Act and global standards such as the European Union’s General Data Protection Regulation.

Naidoo believes younger business practitioners, including those of Gen Z, prioritise ethical business practices, community impact and transparency. “How you do business matters to them – not just profits but your approach to ethics, competition and society.”

Robust KYC demonstrates a commitment to preventing illicit activities such as money laundering and terrorism financing, so aligning with Financial Action Task Force goals. “By championing ethical KYC, compliant organisations can signal that their values matter to them as much as revenue.”

This scrutiny is expanding beyond traditional accountable institutions under the FIC Act. Reporting institutions and supply chain partners now face similar due diligence as accountable entities vet their networks. “KYC is becoming the bare minimum to indicate ethical, legal and compliant operations,” Naidoo observes. “It’s evolving into continuous monitoring throughout the business lifecycle – not just a one-off onboarding snapshot.”

The term KYC itself can be misleading, he adds. “It’s really more of a ‘know everybody’: customers, suppliers, vendors and employees. It’s 360-degree due diligence.”

Internationally, especially where fintech and exports are concerned, expectations for KYC compliance are even higher than they are here, given the fact we’re dealing with mature markets. “South Africa, while pragmatic, adopts best practices and implements them practically, balancing innovation with tangible return on investment, within our current economic realities.”

Naidoo also addresses AI adoption more broadly, rejecting popular fear-based narratives. “Marketing tends to push a pessimistic view: ‘Keep up with AI or be left behind.’ That view, which also arises from aggressive AI marketing, tends to hinder responsible adoption, however, turning it into a CV checkbox rather than a tool.”

Instead, he advocates viewing AI as an enabler: “It provides access to human knowledge in your own language, freeing people to offer more of their talents.”

From a local perspective, he sees immense potential. “With our economic imbalances, we can’t leave people behind. AI should be seen as a catalyst to empower and enable the struggling masses to create their own futures. We need to spread access widely, almost for free, because the societal return will far outweigh narrow commercial gains.”

Naidoo’s carefully weighed insights underscore a balanced path forward for this sector: “We should embrace innovation, but do so responsibly, with embedded ethics and law at the core. Strong KYC should be positioned as a competitive and societal advantage in an increasingly regulated world.”